Facial recognition on Android 4.0 has some bugs

Android 4.0, a.k.a. Ice Cream Sandwich, introduces a feature that lets you unlock the phone using facial recognition. If you prefer security over convenience, though, you should avoid it.

As shown in a video created by a mobile blog, the face unlock feature can be fooled by showing it a photo of the face used to set up the lock. You can do this by taking a picture of the owner with one phone and holding it up to the camera of the locked phone.

A Google representative has stated that face unlock is considered a low-security, experimental way of locking your phone, and the interface itself warns users that it is less secure than a pattern, PIN, or password and that someone who looks similar to you could unlock your phone.

So the question is whether to use this feature for its ease of use and convenience even though it has been shown to have weaknesses and vulnerabilities. Google has said that it has started looking into the problem and that, because Android 4.0 has not been released yet, the experimental system is still being worked out.

Anonymity Online Through The Tor Project

Since its release in 2002, Tor (short for The Onion Router) has been a system intended to enable online anonymity.

Tor client software routes Internet traffic through a worldwide volunteer network of relays in order to conceal a user’s location or usage from anyone conducting network surveillance or traffic analysis. Each relay can see only the hop before it and the hop after it, so no single relay learns both who the user is and what the user is connecting to. Using Tor makes it more difficult to trace Internet activity, including “visits to Web sites, online posts, instant messages and other communication forms”, back to the user. It is intended to protect users’ personal freedom, privacy, and ability to conduct confidential business by keeping their Internet activities from being monitored. Note that it hides who is talking to whom, not the content: unless the application itself uses TLS, the last relay in the chain sees the traffic in the clear.

http://www.torproject.org/
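How the layering in onion routing works, as an added example in Python that is not part of the original post or of the Tor Project’s code. The relay names, the destination, and the toy keystream (SHA-256 in counter mode, XORed over the data) are assumptions for illustration only; real Tor negotiates per-hop AES keys with each relay through a handshake, keeps every cell a fixed 512 bytes, and wraps each hop in TLS.

```python
import hashlib
import os

HEADER_LEN = 16  # fixed-width "next hop" field at the front of each layer


def keystream(key: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256 in counter mode (assumption for illustration).
    Real Tor uses AES-CTR with per-hop keys negotiated with each relay."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_layer(key: bytes, data: bytes) -> bytes:
    """XOR with the keystream: the same call adds a layer and removes it."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def encode_hop(name: str) -> bytes:
    return name.encode().ljust(HEADER_LEN, b"\0")


def decode_hop(field: bytes) -> str:
    return field.rstrip(b"\0").decode()


def build_onion(path, destination: str, payload: bytes):
    """Wrap the payload once per relay, innermost (exit) layer first.
    `path` is a list of (relay_name, key) pairs in forwarding order."""
    cell = payload
    next_hop = destination
    for name, key in reversed(path):
        cell = xor_layer(key, encode_hop(next_hop) + cell)
        next_hop = name
    return next_hop, cell  # first relay to send to, and the fully wrapped cell


def relay_process(key: bytes, cell: bytes):
    """What one relay does: peel its own layer, read where to send the rest."""
    plain = xor_layer(key, cell)
    return decode_hop(plain[:HEADER_LEN]), plain[HEADER_LEN:]


def run_circuit(relay_names, destination: str, payload: bytes):
    """Simulate a client pushing one cell through the circuit. Returns what
    the destination received and what each relay was able to observe."""
    keys = {name: os.urandom(32) for name in relay_names}  # one key per hop
    path = [(name, keys[name]) for name in relay_names]
    hop, cell = build_onion(path, destination, payload)
    observed = {}
    previous = "client"
    while hop in keys:  # stop once the next hop is the destination itself
        next_hop, inner = relay_process(keys[hop], cell)
        observed[hop] = {"from": previous, "to": next_hop, "cell": cell}
        previous, hop, cell = hop, next_hop, inner
    return {"destination": hop, "payload": cell, "observed": observed}


if __name__ == "__main__":
    res = run_circuit(["guard", "middle", "exit"], "example.org", b"GET / HTTP/1.1")
    for relay, view in res["observed"].items():
        print(f"{relay:6} saw from={view['from']:7} to={view['to']}")
    print("delivered to", res["destination"], ":", res["payload"])
```

Inspect `observed`: the guard knows the client and the middle relay but never sees the destination or the plaintext, and the exit knows the destination but not the client. Two things a real design fixes that this toy does not: the cell shrinks by one header per hop, which leaks a relay’s position in the chain (Tor pads cells to a fixed size), and plain XOR gives no integrity, so a relay could flip bits undetected (Tor’s cells carry a digest).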

I tried using Tor years ago and it seemed somewhat practical, but effective for someone who would like anonymity online. The Tor client software can be run through virtually anything that uses the Internet on your computer. The downside I found with it, though, was that it can sometimes cause slow speeds, due to routing through other people who have slow Internet connections. Also, the fact that you are volunteering yourself while on the Tor network might make some uneasy about using it.

Have any of you used Tor? And if not, do you think it is worth using to protect your privacy?

Don’t assume you’re safe playing in the sandbox

Very basically, for those of you who don’t know, sandboxing tries to control the rights of an application through permissions, or entitlements as Apple calls them, so that it does not automatically have full control over the whole computer or smartphone. Sandboxing, however, can give the user a false sense of security “by implying that apps which run in a sandbox are automatically not malicious – which simply is not true.” On top of that, the majority of malware does not get onto a device through applications but rather through “drive-by downloads”; again, basically, surfing to the wrong place. Another downfall of sandboxing as “protection” is that most users slide right past the permissions step of installing an application and simply click ‘OK’ to everything. Furthermore, in the Android Market the applications are not curated or vetted (examined by someone to make sure they are safe), so a developer could include nearly anything within an application. Don’t think you’re safe if you use an iPhone, however: even with Apple’s scrutiny there are still major holes.

You think I’m blowing smoke up your... app? Then just watch this video.

http://www.youtube.com/watch?v=ynTtuwQYNmk&feature=player_embedded

I could go on with my views about smartphone apps and malware, but you’d be better off reading this article for yourself. Honestly, I think anyone who either has a smartphone or is interested in security should definitely read it.

http://www.guardian.co.uk/technology/blog/2011/nov/08/sandboxing-malware-failure

Android users-Pay now or pay later

A study by AV-Test recently showed that paid security apps work much better than free ones. The study was done on Android, but AV-Test claims the result should hold for all smartphones. Kaspersky’s and F-Secure’s Mobile Security suites worked the best: both detected 50 percent of the active malware samples used. The best free app was Zoner AntiVirus Free, which detected only 32 percent. Although the paid apps worked better, 50 percent is still not all that good. AV-Test, a company that tests security software, suggests that you avoid apps from developers without a reputation, avoid apps that have no reviews or poor reviews, and be leery of developers that don’t have a website. There is also a free Android app called Lookout, which PC World suggests all Android users should have: it checks installed apps against a malware blacklist and warns you if one is suspect.

Here is the article and a link to a PC World best practices page.

http://www.techworld.com.au/article/407139/android_paid_mobile_security_better_study/

http://www.pcworld.com/article/221213/keep_malware_off_your_android_phone_5_quick_tips.html

Browser Sandboxing

Sandboxing is the process of sequestering a program so that it runs in a specific and controlled environment. This is done by controlling the program’s allocated memory and limiting its access to system resources. The goal is to enclose the program in the hope of preventing contamination of the rest of the system. In practice, by controlling program I/O and memory access, the computer system at large can be fenced off from risky programs such as web browsers or untrusted downloads.

In particular, sandboxing a web browser can prevent browser exploits from reaching critical parts of the system, contain drive-by downloads, and allow risky programs to be downloaded, installed, and run in an isolated environment. Combined with script blocking and a strong anti-virus, this should result in a system that is far more resistant to malicious websites, though not impervious: a sandbox escape or a kernel-level exploit can still break out of the container, so the sandbox is one layer, not the whole defence.
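The resource-limiting half of that idea, as an added example in Python (my code, not anything from Sandboxie or Comodo): the untrusted program is started in a child process that first caps its own address space, CPU time, output file size and descriptor count with setrlimit, runs in a throwaway working directory with a stripped environment, and is killed on a wall-clock timeout. The limit values and the sample “untrusted” snippets are assumptions for illustration; it runs on Linux and other Unix systems.

```python
import os
import resource
import subprocess
import sys
import tempfile


def _cap(limit, value):
    """Lower one rlimit to `value`, never raising it above the current hard ceiling."""
    _soft, hard = resource.getrlimit(limit)
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(limit, (value, value))


def run_sandboxed(code, mem_bytes=512 * 1024 ** 2, cpu_seconds=2,
                  wall_seconds=10, max_file_bytes=1024 * 1024):
    """Run untrusted Python source in a child process under hard resource limits.

    The limits are applied in the child between fork() and exec() (preexec_fn),
    so the untrusted code never executes without them.  Limit values are
    illustrative assumptions.  Returns a dict whose "status" is one of
    "ok", "error" (Python raised), "killed" (signal) or "timeout" (wall clock).
    """
    def apply_limits():
        _cap(resource.RLIMIT_AS, mem_bytes)          # address space it may map
        _cap(resource.RLIMIT_CPU, cpu_seconds)       # CPU seconds; SIGXCPU afterwards
        _cap(resource.RLIMIT_FSIZE, max_file_bytes)  # largest file it may write
        _cap(resource.RLIMIT_NOFILE, 64)             # open descriptors
        _cap(resource.RLIMIT_CORE, 0)                # no core dumps of its memory

    # Stripped environment: only what the interpreter needs to start.
    env = {k: v for k, v in os.environ.items()
           if k in ("PATH", "LANG", "LD_LIBRARY_PATH")}
    with tempfile.TemporaryDirectory() as scratch:   # throwaway working directory
        try:
            proc = subprocess.run(
                [sys.executable, "-I", "-c", code],  # -I: ignore user site and env
                cwd=scratch, env=env, capture_output=True, text=True,
                timeout=wall_seconds, preexec_fn=apply_limits,
            )
            if proc.returncode == 0:
                status = "ok"
            elif proc.returncode < 0:
                status = "killed"   # terminated by a signal, e.g. SIGXCPU (-24)
            else:
                status = "error"    # e.g. MemoryError -> exit status 1
            result = {"status": status, "returncode": proc.returncode,
                      "stdout": proc.stdout, "stderr": proc.stderr}
        except subprocess.TimeoutExpired:            # run() has already killed it
            result = {"status": "timeout", "returncode": None,
                      "stdout": "", "stderr": ""}
    result["scratch_removed"] = not os.path.exists(scratch)
    return result


if __name__ == "__main__":
    # Constructed "untrusted" snippets: a benign one and three misbehaving ones.
    print(run_sandboxed("open('note.txt', 'w').write('hi'); print('done')")["status"])
    print(run_sandboxed("x = bytearray(2 * 1024 ** 3)")["status"])        # memory hog
    print(run_sandboxed("while True: pass", cpu_seconds=1)["status"])      # CPU hog
    print(run_sandboxed("import time; time.sleep(30)", wall_seconds=2)["status"])
```

Note what this does not do: rlimits bound how much the program can consume, not what it can touch. The child can still read any file the user can read and open network connections. That part of a sandbox comes from seccomp filters and namespaces on Linux, or job objects and integrity levels on Windows, where Sandboxie and Comodo operate, and it is also the part where escapes are found.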

Several companies offer sandboxing utilities, such as Comodo and Sandboxie. Comodo bundles its sandbox as part of its larger personal firewall and HIPS package. Sandboxie is a purpose-built Windows application sandbox that is commonly used to isolate browsers of any make.

An example of the use of a browser sandbox can be found at:
http://www.youtube.com/watch?v=2IbwhE-r8_k&feature=relmfu

http://www.sandboxie.com/
http://personalfirewall.comodo.com/free-download.html

Feds concerned about hackers opening prison doors

Federal authorities have been doing research and investigations due to rising concern that U.S. prisons are vulnerable to computer hackers who could remotely open cell doors to aid jailbreaks.

They have already found problems within the computer systems where someone could open every cell door while the system tells the control room they are all closed. The security systems in most American prisons are run by specialized computer equipment called industrial control systems (ICS). These ICS are also used to control power plants, water treatment facilities and other critical national infrastructure. The problem is that ICS have been increasingly targeted by hackers in the past couple of years because of the amount of damage that can be done through them.

Another vulnerability they found is that a hacker could destroy the doors by overloading the electrical system that controls them, locking them permanently open, and could also shut down secure communications through the prison intercom system and crash the facility’s closed-circuit TV system.

The catch with hacking an ICS is that it is not supposed to be connected to the Internet, but there are often connections to other networks or devices that are connected to the Internet, making it possible for hackers to use those paths to get in.

Even if the system really is not connected to the Internet, an attacker could still get into the building, or onto another computer on that network, and use a USB thumb drive to plant malicious code that would do the same thing.

Federal officials say they are doing everything they can right now to make sure the systems are up to date on all the security measures available, and are working on fixing the overloaded-circuit problem that a hack could trigger.

Cloud storage and the new realities for IT departments

IT departments love control, and for good reason. Security is a major concern for large corporations with thousands of employees, but even a small business like your local bakery wants to be protected from cybercrime.

The challenge is that a lot of people are switching to a new breed of web applications, like Dropbox and box.net, which are very easy to use. Employees already use these tools at home in their everyday lives and love them, so why not at work?

The problem is security and the lack of control over these applications. IT departments need the ability to tackle issues and attacks in real time, and depending on a service such as Dropbox might not be the ideal solution for that.

Dropbox and other services have noticed the trend and started offering business packages with more control for teams.

To me, the main thing to understand here is the power of good design and development. People use applications like Dropbox because they are so easy to use and there are no crazy setup preferences that make you call a younger son or daughter to teach you how to do something.


Tools to make your browser safer.

With the ever-growing complexity of modern web browsers come new and dangerous exploits for them. To get around this, there exists a variety of plugins for the popular browsers. These plugins attempt to increase your security on the net, not only against malicious attacks but also against companies tracking your usage.

The first plugin is called NoScript, located here: http://noscript.net/ . NoScript disables JavaScript, Java, Flash, and other things that might run on websites. A bar pops up at the bottom of the screen notifying users that it is blocking scripts. From there you can choose to permanently enable them or enable them just for a session. Users might want a tool like this because exploits can be loaded automatically through things like JavaScript without any user input. Plus, it can also block trackers. Currently there is only a Firefox plugin, but supposedly a Chrome version is in the works.

Another useful tool is Ghostery: http://www.ghostery.com/ . This program blocks most of the popular tracking methods that websites use to gather information, whether they are plugins, scripts or tracking bugs. The program notifies you when it has found something and pops up what it found in the corner. It then lets you click on each one to find out more about what that particular tracker is and what it does. This program has a lot of overlap with NoScript, in that NoScript usually blocks them before Ghostery does. Ghostery works with all of the popular browsers.

The last one is Priv3: http://priv3.icsi.berkeley.edu/index.html . This disables the buttons for social network sites on other websites. These buttons let the social network sites track you across the Internet even when you don’t click on any of them, so if you’re looking for more privacy this might be useful. Again, NoScript tends to block these already. Priv3 is currently only for Firefox.

Sinkholes can contain and prevent damage from botnets

Since botnets have grown to become one of the larger IT threats out there, researchers need ways to neutralize them once they are already active. One method they use is the sinkhole.

A sinkhole is a computer that has all of the bots reporting back to it instead of to their original command and control (C&C) server. In the case of the Kelihos botnet, researchers at Microsoft and Kaspersky had to reverse engineer the bot malware so they could send out a new peer address that routed to the sinkhole instead of to the C&C server. Since the bots didn’t connect directly to the C&C server but through a series of router nodes, the researchers were able to have those nodes start handing out the sinkhole’s address instead of the C&C server’s. Given enough time, most of the bots were passing that address around instead of the original server’s. Once the majority of the bots are reporting to the sinkhole, the researchers are able to analyze the data from the botnet and more or less shut it down. I say more or less because, while the botnet is now inactive, they still need to rely on the end user to remove the bot malware from their computer. It will be interesting to see what methods malware developers come up with to counteract the sinkhole technique, since they always seem to find a way around them.

http://arstechnica.com/business/news/2011/09/sinkhole-contains-botnet-nuked-by-microsoft-and-kaspersky.ars
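A simplified model of that peer-address poisoning, as an added example in Python (my code, not the researchers’ tooling and not the Kelihos protocol itself): each bot holds one C&C entry tagged with a version number and gossips it to its peers, adopting any announcement whose version is higher than its own. A sinkhole node joins as a peer of a few bots and keeps announcing a higher-versioned entry that points at itself. The bot count, fan-out, addresses and the version rule are constructed assumptions; the point is to watch the injected address displace the real C&C and to see what the sinkhole ends up learning.

```python
import random


def build_botnet(n_bots, fanout, seed):
    """Constructed toy P2P botnet: every bot knows its ring neighbour (so the
    graph is strongly connected) plus a few random peers, and starts out
    trusting the real C&C address at version 1."""
    rng = random.Random(seed)
    bots = {}
    for i in range(n_bots):
        peers = {(i + 1) % n_bots}
        while len(peers) < fanout:
            j = rng.randrange(n_bots)
            if j != i:
                peers.add(j)
        bots[i] = {"peers": sorted(peers), "cc": ("c2.evil.example", 1)}
    return bots


def gossip_round(bots, announcers):
    """One synchronous gossip round. Each announcer tells its peers which C&C
    entry it currently trusts; a bot adopts an announced entry only if the
    version number beats the one it holds (the freshness rule the sinkhole
    exploits). Updates are collected first and applied together."""
    incoming = {}
    for node in announcers:
        entry = node["cc"]
        for p in node["peers"]:
            if entry[1] > incoming.get(p, bots[p]["cc"])[1]:
                incoming[p] = entry
    for p, entry in incoming.items():
        bots[p]["cc"] = entry


def fraction_sinkholed(bots, sinkhole_addr):
    hits = sum(1 for b in bots.values() if b["cc"][0] == sinkhole_addr)
    return hits / len(bots)


def run_takeover(n_bots=200, fanout=4, seed_peers=3, seed=7, max_rounds=None):
    """Inject a sinkhole that peers with a handful of bots and announces a
    higher-versioned C&C entry, then gossip until every bot reports to it.
    Returns the sinkholed fraction before and after, the rounds needed, and
    the bot IDs the sinkhole would see checking in (the infected-host list)."""
    bots = build_botnet(n_bots, fanout, seed)
    rng = random.Random(seed + 1)
    sinkhole_addr = "sinkhole.research.example"
    sinkhole = {"peers": rng.sample(range(n_bots), seed_peers),
                "cc": (sinkhole_addr, 2)}   # version 2 beats the real C&C's 1
    before = fraction_sinkholed(bots, sinkhole_addr)
    rounds = 0
    for rounds in range(1, (max_rounds or n_bots) + 1):
        gossip_round(bots, [sinkhole] + list(bots.values()))
        if fraction_sinkholed(bots, sinkhole_addr) == 1.0:
            break
    checkins = sorted(i for i, b in bots.items() if b["cc"][0] == sinkhole_addr)
    return {"before": before, "after": fraction_sinkholed(bots, sinkhole_addr),
            "rounds": rounds, "checkins": checkins}


if __name__ == "__main__":
    r = run_takeover()
    print(f"sinkholed: {r['before']:.0%} -> {r['after']:.0%} after {r['rounds']} rounds")
    print(f"{len(r['checkins'])} infected hosts now enumerable from the sinkhole")
```

The model makes two things concrete. First, the takeover is monotone: once a bot has adopted the higher-versioned entry it never goes back, so a single well-connected sinkhole is enough and the whole graph flips in a handful of rounds. Second, the sinkhole ends up with the list of every infected host, which is why researchers can count and notify victims but still cannot clean the machines themselves. A botnet that signed its peer-list updates with a key the researchers do not hold would reject the injected entry; that is the kind of countermeasure the post anticipates.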

Microsoft kills Google Chrome with bad malware signature

Earlier on Friday, Microsoft issued a definition update to its Microsoft Security Essentials anti-virus program. The update flagged Google’s Chrome web browser as malware and deleted it from users’ machines.

Chrome users began reporting the false detection of the browser early Friday in a quickly-growing thread on a Google support forum.

“This morning, after I started up the PC, a Windows Security box popped up and said I had a Security Problem that needed to be removed,” said someone identified as “chasd harris” in the first message of the thread. “I clicked the Details button and saw that it was ‘PWS:Win32/Zbot.’ I clicked the Remove button and restarted my PC. Now I do not have Chrome. It has been removed or uninstalled.”

Scores of others reported the same behavior on their Windows PCs running Microsoft’s Security Essentials, its free, consumer-grade antivirus software, as well as Forefront, the antivirus product designed for enterprises.

Microsoft issued another update about three hours after the first went live, which fixed the issue, and said that about 3,000 users were affected.

This is nowhere near the first or worst instance of an anti-virus vendor issuing a bad update. More than a year ago, McAfee issued an update that deleted critical Windows XP system files and wreaked havoc on corporate systems.

This is not a common problem, but anti-virus vendors must be fast in responding to and fixing the issues people have before they cause too much damage. Speed is the name of the game for anti-virus vendors, both in responding to new attacks and in fixing updates that break their customers’ systems. For administrators, the usual defence against this class of failure is to stage definition updates on a small test group before rolling them out fleet-wide.

Source: http://www.computerworld.com/s/article/9220435/Microsoft_kills_Google_Chrome_with_bad_malware_signature